T5797: Adjust MSS clamping from forward to postrouting hook

[giga1699]

Change summary

Adjust the VYOS_TCP_MSS chain to hook on postrouting instead of forward in order to fix MSS clamping not being adequately applied when MPLS/VRF is used.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Code style update (formatting, renaming)
• Refactoring (no functional changes)
• Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
• Other (please describe):

Related Task(s)

https://vyos.dev/T5797

Related PR(s)

How to test / Smoketest result

sudo nft list ruleset

You should see

table ip raw {
    chain VYOS_TCP_MSS {
        type filter hook postrouting priority raw; policy accept;
    }
}

You should no longer see

table ip raw {
    chain VYOS_TCP_MSS {
        type filter hook forward priority raw; policy accept;
    }
}

Checklist:

• I have read the CONTRIBUTING document
• I have linked this PR to one or more Phabricator Task(s)
• I have run the components SMOKETESTS if applicable
• My commit headlines contain a valid Task id
• My change requires a change to the documentation
• I have updated the documentation accordingly

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[github-actions]

👍
No issues in PR Title / Commit Title

[giga1699]

I have read the CLA Document and I hereby sign the CLA

[giga1699]

If possible, could this be backported to sagitta and/or circinus?

I've tested this on 1.4.2 and it's working okay on a MPLS PE router currently.

[github-actions]

CI integration 👍 passed!

Details

CI logs

• CLI Smoketests (no interfaces) 👍 passed
• CLI Smoketests (interfaces only) 👍 passed
• Config tests 👍 passed
• RAID1 tests 👍 passed
• TPM tests 👍 passed

[sever-sever]

Add the TCP-MSS option for forwarded and local generated traffic from the router itself.
I do not see any bad things with this implementation.
We'll probably separate this in the future if we face any harm.
Like:

set interfaces ethernet ethX tcp-mss hook <forward | postrouting>

[sarthurdev]

See no issues, tested locally and works same as previously.